Darknet marketplaces (DNMs), forensic analysis, smart contracts, incident response
Allan Liefke joined TRM after 13 years as a special agent within the US Drug Enforcement Administration (DEA), where he focused on dark web and cryptocurrency investigations. With a background in forensic chemistry, Allan started his law enforcement career by analyzing seized drugs within NYPD’s crime lab. He then moved into its trace evidence section and later became an investigator with the DEA.
Can you provide a snapshot of the type of work you carried out with the DEA and how you ended up investigating crypto-related crime?
I spent more than 13 years with the DEA in Los Angeles and New York, where I focused on cybercrime. In that role, crypto-related cases linked to the dark web and drug-linked money laundering started crossing my desk.
I arrested a number of vendors selling drugs on darknet marketplaces (DNMs). But I also worked larger cases with federal partners like the FBI, where we went after the administrators of DNMs. And there were cases with a more local impact in New York – mostly linked to Bitcoin – where we’d see cryptocurrency launderers advertise buying cryptocurrency on Craigslist. So we would target them from there.
In parallel, I supported other officers within the DEA who encountered cryptocurrency launderers in their cases and needed advice on how to move their investigations forward.
How do the cases you work now vary in breadth and scale? Are there any that stand out?
Fentanyl cases in particular can have enormous breadth. I work with our law enforcement partners to target the manufacturers of fentanyl precursor materials and the flow of their funds. Often, the precursors are paid for with bitcoin. We recently helped our partners trace the bitcoin payments and, using subpoenas, identified the recipients. One Chinese national was later sanctioned by OFAC. Through such tracing work, we can shut off the spigot of money that feeds the illicit drugs trade.
At TRM, I also cover the full gamut of crypto-related crime, including pig butchering and scams, in addition to the drugs-linked crime and associated money laundering I focused on previously.
An important and rewarding aspect of this has been the opportunity to support public and private partners on incident response cases related to large-scale hacks – for example, the August 2022 hack against cryptocurrency bridge Nomad investigation. Resulting in the theft of $190 million, the incident was among the largest-ever exploits carried out against a cryptocurrency bridge. And, with more than 300 addresses participating in the attack, the case was also notable for its scale.
I collaborated with Nomad and law enforcement as they worked to trace the stolen funds and identify recipient wallets. The leads we helped generate allowed them to identify several individuals behind the movement of the stolen funds.
I’ve also been involved in several smaller – but similarly rewarding – incident response cases supporting local law enforcement. In one case, a woman in her 70s had been scammed out of more than $400,000. As a result of my collaboration with local police in the ensuing investigation, almost $200,000 was returned to the victim.
Based on your experience, what is the biggest challenge facing crypto investigators around the world, and how can it be overcome?
Knowledge gaps – particularly among frontline officers – are a significant challenge. Collaboration with dedicated experts is a vital resource here, and something I’m proud TRM provides. Our team helps to upskill law enforcement personnel all around the world, and provides more granular support on specific cases where needed. Often we act as a sounding board, peer-reviewing investigative work, or helping to progress cases when they’ve hit a wall.
It helps, having walked in their shoes before, that we understand the investigative process. We appreciate their skills, dedication and professionalism, and also know the pitfalls, roadblocks and limitations they can face. The fact that we have team members spread all over the world is a real plus: they get the regional intricacies around case typologies and law enforcement setups that only locals are really familiar with.
Where do cryptocurrency tracing tools fit into this picture?
Sophisticated tracing tools are a real gamechanger for the investigative process. I first came across TRM Forensics while working with the DEA. Besides its multi-chain capability, the main thing I noticed was just how intuitive it was to use. Another strength is its constant evolution. Not prone to resting on its laurels, the company is always adding new features to make the software easier for law enforcement agencies to do their jobs more efficiently. It helps that TRM’s global investigations team gains early access to new features to see how they work and pressure-test them.
Describe an emerging criminal typology that you recently learned about.
Right now I’m seeing a lot of smart contract-based criminality, either via people trying to create their own smart contracts or manipulating smart contracts for malicious ends.
Recently, a federal partner asked an intriguing, complex question on the topic, which prompted me to dive deeper into it. I took a smart contract auditor certification course, which covered how smart contracts are audited, what vulnerabilities to look for and how to fix them. Since then, I have continued to sharpen my knowledge through self-study – particularly around some of the more obscure nuances around smart contracts and their inherent vulnerabilities.
Meet More Investigators
Ready to get started?
Fill out the form to schedule a demo with our team.